To use Cyware you must have cookies enabled. By Registering or Signing in, you agree to our Terms and Privacy Policy. You can also signup using Google Account. We will not use your credentials to import contacts or post anything on your account without your permission.For more info, please see Login FAQ.

Florida-based marketing firm Exactis has reportedly exposed a massive database containing nearly 340 million individual records and personal data of hundreds of millions of people and businesses on a publicly accessible server. Security researcher Vinny Troia, founder of the New York-based security firm Night Lion Security, discovered the database that contained nearly 2 terabytes of data including 230 million records on American adults and 110 million records on US business contacts, the Wired reports.

The exposed database reportedly included a slew of personal information including phone numbers, home and email addresses, interests and habits for every name. It even included the number, age and gender of their children and over 400 variables on a wide range of characteristics such as smoking habits, religion, any known pets, etc. Credit card data and Social Security numbers was not leaked.

"It seems like this is a database with pretty much every US citizen in it," Troia told the Wired. "I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen."

It is not clear how long the database has been exposed for or if it has been accessed by any malicious actors. It is also not immediately clear exactly how many people and businesses have been affected in the breach.

According to Exactis' website, it has over 3.5 billion consumer, business and digital records.

However, Troia noted that he was able to find the database while using Shodan - a popular search tool that has been used by both researchers and hackers alike to scan for internet-connected devices. Using Shodan, Troia searched for all ElasticSearch databases stored on publicly accessible servers with US IP addresses. Among the 7000 search results returned, Troia spotted the Exactis database that was left unprotected by any firewall.

Troia reportedly notified both Exactis and the FBI about the exposed database that has since been secured. The company has yet to publicly respond to the reported data leak.

Although the exposed data did not contain any financial information, the exhaustive personal and lifestyle details leaked could be leveraged in targeted social-engineering and phishing attacks.

The exposed database comes as the latest in a string of leaks wherein a server that contains a vast trove of personal and sensitive information has been left unsecured online and available for anyone to access, if they know where to look.

In June 2017, conservative data firm Deep Root Analytics accidentally exposed over a terabyte of political data of more than 198 million US citizens on an Amazon server without password protection. A few months later, security firm TigerSwan inadvertently the personal data, resumes and expertise of hundreds of individuals, many of whom had "top secret" clearances and access to highly-classified information.

Who we are

Cyware is a first-of-its-kind, comprehensive cyber situational awareness platform, designed to help you stay informed about the latest happenings in the cyber world with expertly curated news stories and updates.

Our Technology

Let IBM's Watson Find the Right News For You

The cyber threat landscape is changing rapidly, and cybersecurity news has claimed its spot on the front pages in recent months. It's not easy to find the right information from tens of thousands of cyber news articles and feeds published every day. Our machine learning based curation engine brings you the most relevant cyber content based on your needs.

Receive Daily Cyber News in Your Inbox

From the latest cyber security trends and innovations to new malware, vulnerabilities and threat intelligence, we bring you the most up-to date and relevant cyber updates and news alerts.